As is known, secure conventional communication systems provide a medium for users to transmit and receive sensitive information without the risk of eavesdropping by unauthorized parties. In a secure conventional communication system, users manually load a key variable (used in the encryption process) into each communication unit by physically attaching a key variable loader to the unit. In addition, each unit was only capable of storing one key. This limitation, complicated key management in a system by making periodic key changes and interoperability of groups that normally use different key variables difficult. To provide for more efficient key management, multi-key and over-the-air-rekeying (OTAR) were developed.
Multi-key is the storing of multiple key variables within a secure device, i.e. subscriber unit, console interface unit, or encode/decode station. The secure device loads the appropriate key into an encryption/decryption hybrid, based on the assigned channel. Key indexing is an optional feature whereby the keys within a subscriber unit are partitioned into two groups of indexes. One index is active and used for voice, while the other index can be rekeyed.
OTAR allows a fixed computer to send new key variables over the air to the communication units. This feature eliminates the need to physically attach a key variable loader to each communication unit, thus increasing both the efficiency and security of the rekeying process. For additional security, OTAR can be performed on one communication unit at a time or, for convenience, with groups of communication units.
To support multi-key or OTAR, a secure conventional communication system comprises a distribution panel, a key management controller (KMC), a limited number of console interface units (CIUs), a console, and a plurality of repeaters. The distribution panel routes messages between the KMC and the CIUs such that the CIUs store key variables for the console. The CIUs use the key variables to encrypt clear audio from the console and routes the encrypted audio to the repeater for broadcast to the communication units associated with that repeater. The CIUs also use the key variables to decrypt encrypted audio received by the repeaters and routes the clear audio to the console. As discussed above, the KMC manages the key variables (keys used to encrypt and decrypt voice/data) in the system.
In the secure conventional communication system with multi-key and OTAR, communication units and CIUs are able to perform the multi-key function (loading of an appropriate key) based on the assigned channel. This is done when the KMC transmits the OTAR information which includes the key variables to a CIU that is associated with the assigned channel. The selected CIU transmits the information to its associated repeater and the repeater transmits the OTAR information to the associated communication units.
Secure trunking communication systems are known to comprise communication units, a central controller, and a plurality of repeaters. Typically, the central controller performs all system wide functions in the communication system, such as call processing, assignment of voice/data channels, and establishment of the control channel repeater. However, because the communication channels are constantly allocated to different groups of communication units, consoles are not readily used due to the large amounts of information needed to establish secure communications with a console. This results because a console must be able to talk on each channel to any group of communication units in a real time fashion. Thus requiring the console to continually monitor the control channel for a channel and group assignments. This adds a substantial amount of congestion to the processing of system operational data, i.e. the data required to set up secure communications.
Therefore a need exits for a method of reducing the required communications between the central controller and the CIUs thus making secure communications via a console more practical.